In the state of the art, mechanisms are known for encrypting/decrypting data transmitted between a sender and a receiver. The principle of such a mechanism is illustrated by the diagram of FIG. 1.
The sender comprises a cryptographic sequence generator 11, which generates a data block SCi called the cryptographic sequence, independently of the plaintext data stream, on the basis of a secret cipher key K and of an information information cue called the initialization vector IVi. The cryptographic sequence SCi is such that:SCi=EK(IVi)  (1)where EK designates the encryption of the information information cue IVi with the key K, according to a specified encryption algorithm.
The encryption algorithm is the same for all the mobile terminals of the system. The initialization vector IVi and the secret cipher key K are known both to the sender terminal and to the receiver terminal. The initialization vector IVi varies over time so as to avoid the same cryptographic sequence being used twice with the same key K, which would seriously weaken the security of the data transmitted. The index i refers to a current value of the initialization vector.
The sender also comprises an Exclusive-OR operator 21 which receives the cryptographic sequence SCi on a first input and a sequence mi of plaintext data on a second input, and which generates a sequence of encrypted data ci at output, so that:ci=mi⊕SCi  (2)where ⊕ designates the Exclusive-OR operation carried out bitwise.
The sequence ci is transmitted through the transmission channel 20.
The receiver likewise comprises a cryptographic sequence generator 12 generating, on the basis of the same initialization vector IVi and of the same secret cipher key K, a cryptographic sequence SCi identical to that generated by the generator 11 of the sender and having served for the encryption of the sequence ci. Likewise, it also comprises an Exclusive-OR operator 22 which receives on a first input the cryptographic sequence SCi generated by the generator 12, which receives on a second input the encrypted data sequence ci, and which restores at output the sequence mi of plaintext data, owing to the fact that:ci⊕SCi=mi⊕SCi⊕SCi=mi  (3)
In order for the end-to-end transmission of encrypted data to be correct, the sender and the receiver must perform mutually dual operations. In particular, it is therefore necessary for the receiver to know the time relation to be complied with at the input of the operator 22, between the cryptographic sequence SCi that it generates on the one hand and the encrypted data sequence ci which it receives on the other hand, so that decryption executes correctly. The name for this constraint is cryptographic synchronization.
In the envisaged type of applications, cryptographic synchronization in reality exhibits two aspects. Firstly, initial synchronization, that is to say at the start of communication. And thereafter, periodic synchronization, making it possible to alleviate any loss of cryptographic synchronization between the mobile terminals participating in the communication, and moreover allowing late entry of other mobile terminals into the communication, in the context of a group communication.
An exemplary cryptographic synchronization technique for the end-to-end encryption of a radiocommunication has already been proposed for systems of FDMA type (standing for “Frequency Division Multiple Access”). This technique is described, for example, in American U.S. Pat. No. 4,757,536. It relies on the periodic insertion, into the preamble of the speech packets or frames, of both a radio and cryptographic synchronization information information cue, allowing in particular the function of late entry into the communication. The synchronization information cue consists here of the current value of the initialization vector.
This technique has been applied without modification in systems of TDMA type such as the TETRA system (standing for “TErrestrial Trunked Radio”), where no resource had been reserved a priori for the transmission of a cryptographic synchronization information cue: the latter is transmitted from end to end by speech frame stealing. More particularly, the data of a speech frame contained in certain determined TDMA frames (or radio frames) is replaced with a cryptographic synchronization information cue. The latter allows the receiver terminal to generate the cryptographic sequence suitable for the decryption of the speech data transmitted in the TDMA frames which follow immediately. There is therefore a determined and fixed time relation between the transmission of the synchronization information cues and that of the encrypted data to which they pertain. The cryptographic synchronization information cue is said to be transmitted in-band with reference to the fact that it occupies useful resources of the communication. Reference may for example be made to American patent No. 2002/0066013 for an example of this technique applied to the TETRA system.
In this application, the known technique nevertheless has numerous drawbacks.
Firstly, the initial synchronization must be of good quality so as to avoid the situation whereby radioelectric transmission errors would deprive numerous terminals receiving in group communications, of the possibility of receiving and of decrypting speech correctly. This is why the cryptographic synchronization information cue is repeated in general 4 times in the course of the first second of the communication, i.e. in the course of the first 34 frames, thereby giving rise to a frame stealing rate of the order of 11%, severely degrading the quality of the speech.
Subsequently, the choice of the periodicity of the repetition of the cryptographic synchronization information cue leads to a compromise between the quality of the speech which requires a low periodicity of frame stealing, on the one hand, and the minimization of the delay upon late entries which on the contrary requires a high periodicity, on the other hand. This compromise is in general unsatisfactory.
Finally, in systems offering end-to-end encryption services, the cryptographic synchronization must be the subject of particular care when a mobile terminal receiving performs a change of cell in the course of a communication (or “handover”). Specifically, the different propagation times for the speech packets in the network subsystem generally lead to a loss of synchronization upon a change of cell. This loss of synchronization is temporary in the case where the synchronization information cues are repeated periodically by being transported by speech frame stealing, as in the TETRA system. However, the transmission of these synchronization information cues takes place with a much lower periodicity than the duration of a correctly designed change of cell. This results in a non-negligible delay in the re-establishing of the communication in the target cell, which leads to strong degradation of the quality of service. The only solution for alleviating this drawback would be to increase the periodicity of repetition of the cryptographic synchronization information cue. Nevertheless, since this information cue is transported by speech frame stealing, the quality of the speech would be strongly degraded.
Therefore, it is desirable to define a cryptographic synchronization mechanism in a TDMA system possessing an associated signaling channel, which eliminates the aforesaid drawbacks of the prior art.
It is also desirable to propose a mechanism for maintaining cryptographic synchronization upon a change of cell in the course of a communication by a mobile terminal receiving.